itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ conf
[edit]
itconsult@ha-r01a# set interfaces openvpn vtun2 disable
[edit]
itconsult@ha-r01a# set interfaces openvpn vtun5 disable
[edit]
itconsult@ha-r01a# commit
[edit]
itconsult@ha-r01a# set interfaces openvpn vtun1 disable
[edit]
itconsult@ha-r01a# commit
[edit]
itconsult@ha-r01a# save
Saving configuration to '/config/config.boot'...
Done
[edit]
itconsult@ha-r01a# exit
exit
itconsult@ha-r01a:~$ sh ver
Version: VyOS 1.3.3
Release train: equuleus
Built by: Sentrium S.L.
Built on: Mon 29 May 2023 12:55 UTC
Build UUID: a302f99b-4d44-4a40-82ba-1a4275902d5e
Build commit ID: bc64a3a72244b9
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Hardware vendor: Red Hat
Hardware model: KVM
Hardware S/N:
Hardware UUID: 4eb3487e-35a2-4d93-b140-b1f9480fe4a5
Copyright: VyOS maintainers and contributors
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh system image
The system currently has the following image(s) installed:
1: 1.4.0-epa1
2: 1.3.3 (default boot)
itconsult@ha-r01a:~$ del system image 1/4
Possible completions:
<Enter> Execute the current command
<text> Name of image image to delete
itconsult@ha-r01a:~$ del system image 1.4.0-epa1
Are you sure you want to delete the
"1.4.0-epa1" image? (Yes/No) [No]: y
Deleting the "1.4.0-epa1" image...
Done
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh conf c | strip-private
set firewall all-ping 'enable' | |
set firewall broadcast-ping 'disable' | |
set firewall config-trap 'disable' | |
set firewall group network-group internaladdresses network 'xxx.xxx.42.0/24' | |
set firewall group network-group internaladdresses network 'xxx.xxx.23.0/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.203.24/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.69.64/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.72.64/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.4.208/29' | |
set firewall group network-group outviajt network 'xxx.xxx.23.0/29' | |
set firewall group network-group outviajt network 'xxx.xxx.4.208/29' | |
set firewall ipv6-receive-redirects 'disable' | |
set firewall ipv6-src-route 'disable' | |
set firewall ip-src-route 'disable' | |
set firewall log-martians 'enable' | |
set firewall name TO-ROUTER default-action 'drop' | |
set firewall name TO-ROUTER rule 10 action 'accept' | |
set firewall name TO-ROUTER rule 10 description 'itconsult Local Traffic' | |
set firewall name TO-ROUTER rule 10 protocol 'all' | |
set firewall name TO-ROUTER rule 10 source address 'xxx.xxx.42.0/24' | |
set firewall name TO-ROUTER rule 20 action 'accept' | |
set firewall name TO-ROUTER rule 20 description 'Foreshore link subnet' | |
set firewall name TO-ROUTER rule 20 protocol 'all' | |
set firewall name TO-ROUTER rule 20 source address 'xxx.xxx.95.24/29' | |
set firewall name TO-ROUTER rule 21 action 'accept' | |
set firewall name TO-ROUTER rule 21 description 'Foreshore routed subnet' | |
set firewall name TO-ROUTER rule 21 protocol 'all' | |
set firewall name TO-ROUTER rule 21 source address 'xxx.xxx.69.64/29' | |
set firewall name TO-ROUTER rule 30 action 'accept' | |
set firewall name TO-ROUTER rule 30 description 'Newtel link subnet' | |
set firewall name TO-ROUTER rule 30 protocol 'all' | |
set firewall name TO-ROUTER rule 30 source address 'xxx.xxx.203.32/29' | |
set firewall name TO-ROUTER rule 31 action 'accept' | |
set firewall name TO-ROUTER rule 31 description 'Newtel link subnet' | |
set firewall name TO-ROUTER rule 31 protocol 'all' | |
set firewall name TO-ROUTER rule 31 source address 'xxx.xxx.203.24/29' | |
set firewall name TO-ROUTER rule 40 action 'accept' | |
set firewall name TO-ROUTER rule 40 description 'JT link subnet' | |
set firewall name TO-ROUTER rule 40 protocol 'all' | |
set firewall name TO-ROUTER rule 40 source address 'xxx.xxx.4.208/29' | |
set firewall name TO-ROUTER rule 41 action 'accept' | |
set firewall name TO-ROUTER rule 41 description 'JT routed subnet' | |
set firewall name TO-ROUTER rule 41 protocol 'all' | |
set firewall name TO-ROUTER rule 41 source address 'xxx.xxx.23.0/29' | |
set firewall name TO-ROUTER rule 42 action 'accept' | |
set firewall name TO-ROUTER rule 42 description 'JT BGP peers' | |
set firewall name TO-ROUTER rule 42 protocol 'all' | |
set firewall name TO-ROUTER rule 42 source address 'xxx.xxx.12.56/31' | |
set firewall name TO-ROUTER rule 43 action 'accept' | |
set firewall name TO-ROUTER rule 43 description 'JT BGP peers' | |
set firewall name TO-ROUTER rule 43 protocol 'all' | |
set firewall name TO-ROUTER rule 43 source address 'xxx.xxx.102.192/29' | |
set firewall name TO-ROUTER rule 46 action 'accept' | |
set firewall name TO-ROUTER rule 46 description 'qr broadband' | |
set firewall name TO-ROUTER rule 46 protocol 'all' | |
set firewall name TO-ROUTER rule 46 source address 'xxx.xxx.27.93/32' | |
set firewall name TO-ROUTER rule 47 action 'accept' | |
set firewall name TO-ROUTER rule 47 description 'vp-r01a' | |
set firewall name TO-ROUTER rule 47 protocol 'all' | |
set firewall name TO-ROUTER rule 47 source address 'xxx.xxx.63.136/32' | |
set firewall name TO-ROUTER rule 50 action 'accept' | |
set firewall name TO-ROUTER rule 50 description 'ssh from m70' | |
set firewall name TO-ROUTER rule 50 destination port 'ssh' | |
set firewall name TO-ROUTER rule 50 protocol 'tcp' | |
set firewall name TO-ROUTER rule 50 source address 'xxx.xxx.144.150/32' | |
set firewall name TO-ROUTER rule 51 action 'accept' | |
set firewall name TO-ROUTER rule 51 description 'ssh from m72' | |
set firewall name TO-ROUTER rule 51 destination port 'ssh' | |
set firewall name TO-ROUTER rule 51 protocol 'tcp' | |
set firewall name TO-ROUTER rule 51 source address 'xxx.xxx.34.123/32' | |
set firewall name TO-ROUTER rule 60 action 'accept' | |
set firewall name TO-ROUTER rule 60 description 'VRRP' | |
set firewall name TO-ROUTER rule 60 destination address 'xxx.xxx.0.18' | |
set firewall name TO-ROUTER rule 60 protocol '112' | |
set firewall name TO-ROUTER rule 70 action 'accept' | |
set firewall name TO-ROUTER rule 70 description 'IPSEC UDP' | |
set firewall name TO-ROUTER rule 70 destination port '500,4500,1701' | |
set firewall name TO-ROUTER rule 70 protocol 'udp' | |
set firewall name TO-ROUTER rule 80 action 'accept' | |
set firewall name TO-ROUTER rule 80 description 'IPSEC ESP' | |
set firewall name TO-ROUTER rule 80 protocol 'esp' | |
set firewall name TO-ROUTER rule 100 action 'accept' | |
set firewall name TO-ROUTER rule 100 description 'DHCP' | |
set firewall name TO-ROUTER rule 100 destination port 'bootps' | |
set firewall name TO-ROUTER rule 100 protocol 'udp' | |
set firewall name TO-ROUTER rule 401 action 'accept' | |
set firewall name TO-ROUTER rule 401 description 'wireguard re lvg-r01' | |
set firewall name TO-ROUTER rule 401 destination port '51820' | |
set firewall name TO-ROUTER rule 401 protocol 'udp' | |
set firewall name TO-ROUTER rule 401 source address 'xxx.xxx.69.0/24' | |
set firewall name TO-ROUTER rule 402 action 'accept' | |
set firewall name TO-ROUTER rule 402 description 'wireguard re lvg-r01' | |
set firewall name TO-ROUTER rule 402 destination port '51820' | |
set firewall name TO-ROUTER rule 402 protocol 'udp' | |
set firewall name TO-ROUTER rule 402 source address 'xxx.xxx.70.0/24' | |
set firewall name TO-ROUTER rule 996 action 'accept' | |
set firewall name TO-ROUTER rule 996 description 'ICMP Throughout' | |
set firewall name TO-ROUTER rule 996 protocol 'icmp' | |
set firewall name TO-ROUTER rule 999 action 'reject' | |
set firewall name TO-ROUTER rule 999 description 'Block' | |
set firewall name TO-ROUTER rule 999 log 'disable' | |
set firewall name TO-ROUTER rule 999 protocol 'all' | |
set firewall receive-redirects 'disable' | |
set firewall send-redirects 'enable' | |
set firewall source-validation 'disable' | |
set firewall syn-cookies 'enable' | |
set firewall twa-hazards-protection 'disable' | |
set high-availability vrrp group eth0.20-20 advertise-interval '1' | |
set high-availability vrrp group eth0.20-20 interface 'eth0.20' | |
set high-availability vrrp group eth0.20-20 priority '150' | |
set high-availability vrrp group eth0.20-20 virtual-address xxx.xxx.42.170/28 | |
set high-availability vrrp group eth0.20-20 vrid '20' | |
set interfaces ethernet eth0 duplex 'auto' | |
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:24' | |
set interfaces ethernet eth0 offload gro | |
set interfaces ethernet eth0 offload gso | |
set interfaces ethernet eth0 offload sg | |
set interfaces ethernet eth0 offload tso | |
set interfaces ethernet eth0 speed 'auto' | |
set interfaces ethernet eth0 vif 20 address 'xxx.xxx.42.168/28' | |
set interfaces ethernet eth0 vif 20 description 'Hatherley Backbone' | |
set interfaces ethernet eth0 vif 20 firewall local name 'TO-ROUTER' | |
set interfaces ethernet eth0 vif 20 ip ospf cost '10' | |
set interfaces ethernet eth0 vif 20 ip ospf dead-interval '4' | |
set interfaces ethernet eth0 vif 20 ip ospf hello-interval '1' | |
set interfaces ethernet eth0 vif 20 ip ospf priority '120' | |
set interfaces ethernet eth0 vif 20 ip ospf retransmit-interval '5' | |
set interfaces ethernet eth0 vif 20 ip ospf transmit-delay '1' | |
set interfaces ethernet eth0 vif 20 policy route 'outviajt' | |
set interfaces ethernet eth0 vif 122 description 'ONT 509001' | |
set interfaces loopback lo address 'xxx.xxx.42.250/32' | |
set interfaces openvpn vtun1 description 'qr-r01a bb - ha-r01a bb' | |
set interfaces openvpn vtun1 disable | |
set interfaces openvpn vtun1 encryption cipher 'aes256' | |
set interfaces openvpn vtun1 firewall local name 'TO-ROUTER' | |
set interfaces openvpn vtun1 hash 'sha256' | |
set interfaces openvpn vtun1 ip ospf cost '20' | |
set interfaces openvpn vtun1 ip ospf dead-interval '4' | |
set interfaces openvpn vtun1 ip ospf hello-interval '1' | |
set interfaces openvpn vtun1 ip ospf network 'point-to-point' | |
set interfaces openvpn vtun1 ip ospf priority '1' | |
set interfaces openvpn vtun1 ip ospf retransmit-interval '5' | |
set interfaces openvpn vtun1 ip ospf transmit-delay '1' | |
set interfaces openvpn vtun1 local-address xxx.xxx.42.146 subnet-mask 'xxx.xxx.255.252' | |
set interfaces openvpn vtun1 mode 'site-to-site' | |
set interfaces openvpn vtun1 remote-address 'xxx.xxx.42.145' | |
set interfaces openvpn vtun1 remote-host 'xxx.xxx.27.93' | |
set interfaces openvpn vtun1 shared-secret-key-file xxxxxx | |
set interfaces openvpn vtun2 description 'qr-r01b foreshore - ha-r01a bb' | |
set interfaces openvpn vtun2 disable | |
set interfaces openvpn vtun2 encryption cipher 'aes256' | |
set interfaces openvpn vtun2 firewall local name 'TO-ROUTER' | |
set interfaces openvpn vtun2 hash 'sha256' | |
set interfaces openvpn vtun2 ip ospf cost '40' | |
set interfaces openvpn vtun2 ip ospf dead-interval '4' | |
set interfaces openvpn vtun2 ip ospf hello-interval '1' | |
set interfaces openvpn vtun2 ip ospf network 'point-to-point' | |
set interfaces openvpn vtun2 ip ospf priority '1' | |
set interfaces openvpn vtun2 ip ospf retransmit-interval '5' | |
set interfaces openvpn vtun2 ip ospf transmit-delay '1' | |
set interfaces openvpn vtun2 local-address xxx.xxx.42.150 subnet-mask 'xxx.xxx.255.252' | |
set interfaces openvpn vtun2 local-port '1195' | |
set interfaces openvpn vtun2 mode 'site-to-site' | |
set interfaces openvpn vtun2 remote-address 'xxx.xxx.42.149' | |
set interfaces openvpn vtun2 remote-host 'xxx.xxx.95.29' | |
set interfaces openvpn vtun2 remote-port '1195' | |
set interfaces openvpn vtun2 shared-secret-key-file xxxxxx | |
set interfaces openvpn vtun5 description 'vp-r01 - broadband' | |
set interfaces openvpn vtun5 disable | |
set interfaces openvpn vtun5 encryption cipher 'aes256' | |
set interfaces openvpn vtun5 firewall local name 'TO-ROUTER' | |
set interfaces openvpn vtun5 hash 'sha256' | |
set interfaces openvpn vtun5 ip ospf cost '65' | |
set interfaces openvpn vtun5 ip ospf dead-interval '4' | |
set interfaces openvpn vtun5 ip ospf hello-interval '1' | |
set interfaces openvpn vtun5 ip ospf network 'point-to-point' | |
set interfaces openvpn vtun5 ip ospf priority '1' | |
set interfaces openvpn vtun5 ip ospf retransmit-interval '5' | |
set interfaces openvpn vtun5 ip ospf transmit-delay '1' | |
set interfaces openvpn vtun5 local-address xxx.xxx.42.241 subnet-mask 'xxx.xxx.255.252' | |
set interfaces openvpn vtun5 local-port '1198' | |
set interfaces openvpn vtun5 mode 'site-to-site' | |
set interfaces openvpn vtun5 remote-address 'xxx.xxx.42.242' | |
set interfaces openvpn vtun5 remote-host 'xxx.xxx.63.136' | |
set interfaces openvpn vtun5 remote-port '1198' | |
set interfaces openvpn vtun5 shared-secret-key-file xxxxxx | |
set interfaces pppoe pppoe0 authentication password xxxxxx | |
set interfaces pppoe pppoe0 authentication user xxxxxx | |
set interfaces pppoe pppoe0 default-route 'none' | |
set interfaces pppoe pppoe0 firewall local name 'TO-ROUTER' | |
set interfaces pppoe pppoe0 mtu '1492' | |
set interfaces pppoe pppoe0 no-peer-dns | |
set interfaces pppoe pppoe0 source-interface 'eth0.122' | |
set interfaces wireguard wg09 address 'xxx.xxx.136.237/30' | |
set interfaces wireguard wg09 description 'lvg-r01 via JT Broadband/Airtel' | |
set interfaces wireguard wg09 ip ospf dead-interval '4' | |
set interfaces wireguard wg09 ip ospf hello-interval '1' | |
set interfaces wireguard wg09 ip ospf network 'point-to-point' | |
set interfaces wireguard wg09 ip ospf priority '1' | |
set interfaces wireguard wg09 ip ospf retransmit-interval '5' | |
set interfaces wireguard wg09 ip ospf transmit-delay '1' | |
set interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 'xxx.xxx.0.0/0' | |
set interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive '25' | |
set interfaces wireguard wg09 peer to-lvg-r01 pubkey 'CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo=' | |
set interfaces wireguard wg09 port '51820' | |
set interfaces wireguard wg09 private-key xxxxxx | |
set policy as-path-list itconsult rule 10 action 'permit' | |
set policy as-path-list itconsult rule 10 regex '^$' | |
set policy prefix-list default-route rule 10 action 'permit' | |
set policy prefix-list default-route rule 10 prefix 'xxx.xxx.0.0/0' | |
set policy prefix-list itconsult-aggregated rule 10 action 'permit' | |
set policy prefix-list itconsult-aggregated rule 10 prefix 'xxx.xxx.42.0/24' | |
set policy prefix-list rfc1918 rule 10 action 'permit' | |
set policy prefix-list rfc1918 rule 10 prefix 'xxx.xxx.0.0/8' | |
set policy prefix-list rfc1918 rule 11 action 'permit' | |
set policy prefix-list rfc1918 rule 11 ge '9' | |
set policy prefix-list rfc1918 rule 11 prefix 'xxx.xxx.0.0/8' | |
set policy prefix-list rfc1918 rule 20 action 'permit' | |
set policy prefix-list rfc1918 rule 20 prefix 'xxx.xxx.0.0/12' | |
set policy prefix-list rfc1918 rule 21 action 'permit' | |
set policy prefix-list rfc1918 rule 21 ge '13' | |
set policy prefix-list rfc1918 rule 21 prefix 'xxx.xxx.0.0/12' | |
set policy prefix-list rfc1918 rule 30 action 'permit' | |
set policy prefix-list rfc1918 rule 30 prefix 'xxx.xxx.0.0/16' | |
set policy prefix-list rfc1918 rule 31 action 'permit' | |
set policy prefix-list rfc1918 rule 31 ge '17' | |
set policy prefix-list rfc1918 rule 31 prefix 'xxx.xxx.0.0/16' | |
set policy route outviajt rule 10 description 'Internal Traffic' | |
set policy route outviajt rule 10 destination group network-group 'internaladdresses' | |
set policy route outviajt rule 10 set table 'main' | |
set policy route outviajt rule 10 source group network-group 'outviajt' | |
set policy route outviajt rule 20 description 'Out via JT' | |
set policy route outviajt rule 20 set table '1' | |
set policy route outviajt rule 20 source group network-group 'outviajt' | |
set policy route outviajt rule 30 description 'Normal Traffic' | |
set policy route outviajt rule 30 set table 'main' | |
set policy route-map bgp-local-no-export rule 10 action 'permit' | |
set policy route-map bgp-local-no-export rule 10 set community 'no-export' | |
set policy route-map bgp-no-advertise rule 10 action 'deny' | |
set policy route-map static-to-ospf rule 10 action 'permit' | |
set policy route-map static-to-ospf rule 10 description 'Redistribute default route' | |
set policy route-map static-to-ospf rule 10 match ip address prefix-list 'default-route' | |
set policy route-map static-to-ospf rule 20 action 'deny' | |
set policy route-map static-to-ospf rule 20 description 'Do not resistribute anything else' | |
set protocols bgp XXXXXX address-family ipv4-unicast aggregate-address xxx.xxx.42.0/24 | |
set protocols bgp XXXXXX address-family ipv4-unicast network xxx.xxx.42.250/32 route-map 'bgp-local-no-export' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.213 description 'qr-r01a' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.213 peer-group 'ITCONSULT' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.214 description 'vp-r01' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.214 peer-group 'ITCONSULT' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.215 description 'ha-r01b' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.215 peer-group 'ITCONSULT' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.251 description 'qr-r01b' | |
set protocols bgp XXXXXX neighbor xxx.xxx.42.251 peer-group 'ITCONSULT' | |
set protocols bgp XXXXXX parameters log-neighbor-changes | |
set protocols bgp XXXXXX parameters no-fast-external-failover | |
set protocols bgp XXXXXX peer-group ITCONSULT remote-as '25040' | |
set protocols bgp XXXXXX peer-group ITCONSULT update-source 'xxx.xxx.42.250' | |
set protocols bgp XXXXXX timers holdtime '45' | |
set protocols bgp XXXXXX timers keepalive '5' | |
set protocols ospf area 0 area-type normal | |
set protocols ospf area 0 network 'xxx.xxx.42.160/28' | |
set protocols ospf area 0 network 'xxx.xxx.42.250/32' | |
set protocols ospf area 0 network 'xxx.xxx.42.156/30' | |
set protocols ospf area 0 network 'xxx.xxx.42.200/30' | |
set protocols ospf area 0 network 'xxx.xxx.42.144/30' | |
set protocols ospf area 0 network 'xxx.xxx.42.148/30' | |
set protocols ospf area 0 network 'xxx.xxx.42.240/30' | |
set protocols ospf area 0 network 'xxx.xxx.136.236/30' | |
set protocols ospf default-information originate metric '10' | |
set protocols ospf default-information originate metric-type '1' | |
set protocols ospf log-adjacency-changes detail | |
set protocols ospf redistribute static metric-type '2' | |
set protocols ospf redistribute static route-map 'static-to-ospf' | |
set protocols static interface-route xxx.xxx.63.136/32 next-hop-interface pppoe0 | |
set protocols static interface-route xxx.xxx.69.0/24 next-hop-interface pppoe0 | |
set protocols static interface-route xxx.xxx.70.0/24 next-hop-interface pppoe0 | |
set protocols static interface-route xxx.xxx.12.56/31 next-hop-interface pppoe0 | |
set protocols static interface-route xxx.xxx.27.93/32 next-hop-interface pppoe0 | |
set protocols static interface-route xxx.xxx.95.29/32 next-hop-interface pppoe0 | |
set protocols static route xxx.xxx.0.0/0 blackhole distance '210' | |
set protocols static route xxx.xxx.42.0/24 blackhole distance '210' | |
set protocols static table 1 interface-route xxx.xxx.0.0/0 next-hop-interface pppoe0 | |
set service snmp community [redacted] authorization 'ro' | |
set service snmp community [redacted] network 'xxx.xxx.42.0/24' | |
set service ssh port '22' | |
set system config-management commit-revisions '20' | |
set system conntrack modules ftp | |
set system conntrack modules h323 | |
set system conntrack modules nfs | |
set system conntrack modules pptp | |
set system conntrack modules sip | |
set system conntrack modules sqlnet | |
set system conntrack modules tftp | |
set system domain-name xxxxxx | |
set system host-name xxxxxx | |
set system login banner post-login '' | |
set system login banner pre-login '' | |
set system login user xxxxxx authentication encrypted-password xxxxxx | |
set system login user xxxxxx authentication plaintext-password xxxxxx | |
set system name-server 'xxx.xxx.42.9' | |
set system name-server 'xxx.xxx.42.130' | |
set system ntp listen-address 'xxx.xxx.42.168' | |
set system ntp listen-address 'xxx.xxx.42.250' | |
set system ntp server xxxxx.tld | |
set system ntp server xxxxx.tld | |
set system ntp server xxxxx.tld | |
set system ntp server xxxxx.tld | |
set system syslog global facility all level 'debug' | |
set system syslog global facility protocols level 'debug' | |
set system syslog host xxx.xxx.42.2 facility all level 'debug' | |
set system time-zone 'GB' | |
set traffic-policy | |
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ ls
vyos-1.4.0-epa1-amd64.iso
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ add system image vyos-1.4.0-epa1-amd64.iso
Checking SHA256 checksums of files on the ISO image... OK.
Done!
What would you like to name this image? [1.4.0-epa1]:
OK. This image will be named: 1.4.0-epa1
Installing "1.4.0-epa1" image.
Copying new release files...
Would you like to save the current configuration
directory and config file? (Yes/No) [Yes]:
Copying current configuration...
Would you like to save the SSH host keys from your
current configuration? (Yes/No) [Yes]:
Copying SSH keys...
Running post-install script...
Setting up grub configuration...
Done.
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ reboot
Are you sure you want to reboot this system? [y/N] y
Using username "itconsult".
[email protected]'s password:
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ sh ver
Version: VyOS 1.4.0-epa1
Release train: sagitta
Built by: Sentrium S.L.
Built on: Thu 22 Feb 2024 19:17 UTC
Build UUID: 97f0c92c-b99d-4bde-a67f-079ca030f2a1
Build commit ID: bcac2eb1f9b49c
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Hardware vendor: Red Hat
Hardware model: KVM
Hardware S/N:
Hardware UUID: 4eb3487e-35a2-4d93-b140-b1f9480fe4a5
Copyright: VyOS maintainers and contributors
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ ls -l /tmp
total 52
-rw-rw-r-- 1 root vyattacfg 42354 Mar 9 17:40 boot-config-trace
drwx------ 3 root root 60 Mar 9 17:40 systemd-private-5b4074f629bc481c89aa0117d93e5660-chrony.service-zCZ9kJ
drwx------ 3 root root 60 Mar 9 17:39 systemd-private-5b4074f629bc481c89aa0117d93e5660-haveged.service-8xHIfd
drwx------ 3 root root 60 Mar 9 17:39 systemd-private-5b4074f629bc481c89aa0117d93e5660-systemd-logind.service-33uNxL
-rw-r--r-- 1 root vyattacfg 868 Mar 9 17:40 vyos-configd-script-stdout
-rw-rw-r-- 1 root vyattacfg 2 Mar 9 17:40 vyos-config-status
itconsult@ha-r01a:~$
itconsult@ha-r01a:~$ cat /tmp/vyos-config-status
1
itconsult@ha-r01a:~$ cat /tmp/vyos-configd-script-stdout
WARNING: changing speed/duplex setting on "eth0" is unsupported!
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in
future VyOS versions. Please migrate your site-to-site tunnels to TLS.
You can use self-signed certificates with peer fingerprint
verification, consult the documentation for details.
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in
future VyOS versions. Please migrate your site-to-site tunnels to TLS.
You can use self-signed certificates with peer fingerprint
verification, consult the documentation for details.
DEPRECATION WARNING: OpenVPN shared-secret support will be removed in
future VyOS versions. Please migrate your site-to-site tunnels to TLS.
You can use self-signed certificates with peer fingerprint
verification, consult the documentation for details.
Interface "vtun1" does not exist!
itconsult@ha-r01a:~$ cat /tmp/boot-config-trace
Traceback (most recent call last): | |
File "/usr/libexec/vyos/vyos-boot-config-loader.py", line 144, in <module> | |
commit_out = session.commit() | |
^^^^^^^^^^^^^^^^ | |
File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 187, in commit | |
out = self.__run_command([COMMIT]) | |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command | |
raise ConfigSessionError(output) | |
vyos.configsession.ConfigSessionError: Processing the Priority Queue | |
Entering the _commit_check_cfg_node | |
Executing the "system domain-name itconsult.net" ... | |
Elapsed 0.018 sec: | |
Executing the "system host-name ha-r01a" ... | |
Elapsed 0.005 sec: | |
Elapsed 0.023 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system domain-name itconsult.net" ... | |
[ system domain-name itconsult.net ] | |
sudo: unable to resolve host ha-r01a: System error | |
Elapsed 1.228 sec: | |
Executing the "system host-name ha-r01a" ... | |
Elapsed 0.126 sec: | |
Elapsed 1.355 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "system time-zone GB" ... | |
Elapsed 0.521 sec: | |
Elapsed 0.521 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system time-zone GB" ... | |
Elapsed 0.082 sec: | |
Elapsed 0.082 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "policy as-path-list itconsult rule 10" ... | |
Elapsed 0.052 sec: | |
Executing the "policy as-path-list itconsult rule 10 action permit" ... | |
Elapsed 0.006 sec: | |
Executing the "policy prefix-list default-route" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list default-route rule 10" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list default-route rule 10 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list default-route rule 10 prefix 0.0.0.0/0" ... | |
Elapsed 0.012 sec: | |
Executing the "policy prefix-list itconsult-aggregated" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list itconsult-aggregated rule 10" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list itconsult-aggregated rule 10 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list itconsult-aggregated rule 10 prefix 193.201.42.0/24" ... | |
Elapsed 0.011 sec: | |
Executing the "policy prefix-list rfc1918" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 10" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 10 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 10 prefix 10.0.0.0/8" ... | |
Elapsed 0.012 sec: | |
Executing the "policy prefix-list rfc1918 rule 11" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 11 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 11 ge 9" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 11 prefix 10.0.0.0/8" ... | |
Elapsed 0.012 sec: | |
Executing the "policy prefix-list rfc1918 rule 20" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 20 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 20 prefix 172.16.0.0/12" ... | |
Elapsed 0.011 sec: | |
Executing the "policy prefix-list rfc1918 rule 21" ... | |
Elapsed 0.009 sec: | |
Executing the "policy prefix-list rfc1918 rule 21 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 21 ge 13" ... | |
Elapsed 0.011 sec: | |
Executing the "policy prefix-list rfc1918 rule 21 prefix 172.16.0.0/12" ... | |
Elapsed 0.012 sec: | |
Executing the "policy prefix-list rfc1918 rule 30" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 30 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 30 prefix 192.168.0.0/16" ... | |
Elapsed 0.012 sec: | |
Executing the "policy prefix-list rfc1918 rule 31" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 31 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy prefix-list rfc1918 rule 31 ge 17" ... | |
Elapsed 0.010 sec: | |
Executing the "policy prefix-list rfc1918 rule 31 prefix 192.168.0.0/16" ... | |
Elapsed 0.012 sec: | |
Executing the "policy route-map bgp-local-no-export" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route-map bgp-local-no-export rule 10" ... | |
Elapsed 0.009 sec: | |
Executing the "policy route-map bgp-local-no-export rule 10 action permit" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route-map bgp-no-advertise" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route-map bgp-no-advertise rule 10" ... | |
Elapsed 0.009 sec: | |
Executing the "policy route-map bgp-no-advertise rule 10 action deny" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route-map static-to-ospf" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route-map static-to-ospf rule 10" ... | |
Elapsed 0.010 sec: | |
Executing the "policy route-map static-to-ospf rule 10 action permit" ... | |
Elapsed 0.006 sec: | |
Executing the "policy route-map static-to-ospf rule 10 description Redistribute default route" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route-map static-to-ospf rule 20" ... | |
Elapsed 0.010 sec: | |
Executing the "policy route-map static-to-ospf rule 20 action deny" ... | |
Elapsed 0.004 sec: | |
Executing the "policy route-map static-to-ospf rule 20 description Do not resistribute anything else" ... | |
Elapsed 0.004 sec: | |
Elapsed 0.419 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "policy" ... | |
Elapsed 2.389 sec: | |
Elapsed 2.389 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "policy route outviajt" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route outviajt interface eth0.20" ... | |
Elapsed 0.011 sec: | |
Executing the "policy route outviajt rule 10" ... | |
Elapsed 0.010 sec: | |
Executing the "policy route outviajt rule 10 description Internal Traffic" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route outviajt rule 10 set table main" ... | |
Elapsed 0.010 sec: | |
Executing the "policy route outviajt rule 20" ... | |
Elapsed 0.010 sec: | |
Executing the "policy route outviajt rule 20 description Out via JT" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route outviajt rule 20 set table 1" ... | |
Elapsed 0.009 sec: | |
Executing the "policy route outviajt rule 30" ... | |
Elapsed 0.009 sec: | |
Executing the "policy route outviajt rule 30 description Normal Traffic" ... | |
Elapsed 0.005 sec: | |
Executing the "policy route outviajt rule 30 set table main" ... | |
Elapsed 0.009 sec: | |
Elapsed 0.092 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "policy route outviajt" ... | |
Elapsed 0.141 sec: | |
Elapsed 0.141 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Elapsed 0.000 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system conntrack" ... | |
Elapsed 0.225 sec: | |
Elapsed 0.225 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces loopback lo" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces loopback lo address 193.201.42.250/32" ... | |
Elapsed 0.017 sec: | |
Elapsed 0.022 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces loopback lo" ... | |
Elapsed 0.239 sec: | |
Elapsed 0.240 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Elapsed 0.000 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "pki" ... | |
Elapsed 0.072 sec: | |
Elapsed 0.072 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces ethernet eth0" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces ethernet eth0 duplex auto" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces ethernet eth0 hw-id 00:16:3e:e0:be:24" ... | |
Elapsed 0.019 sec: | |
Executing the "interfaces ethernet eth0 speed auto" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces ethernet eth0 vif 20" ... | |
Elapsed 0.010 sec: | |
Executing the "interfaces ethernet eth0 vif 20 address 193.201.42.168/28" ... | |
Elapsed 0.012 sec: | |
Executing the "interfaces ethernet eth0 vif 20 description Hatherley Backbone" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces ethernet eth0 vif 122" ... | |
Elapsed 0.009 sec: | |
Executing the "interfaces ethernet eth0 vif 122 description ONT 509001" ... | |
Elapsed 0.005 sec: | |
Elapsed 0.079 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces ethernet eth0" ... | |
Elapsed 0.960 sec: | |
Elapsed 0.960 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "firewall global-options all-ping enable" ... | |
Elapsed 0.011 sec: | |
Executing the "firewall global-options broadcast-ping disable" ... | |
Elapsed 0.011 sec: | |
Executing the "firewall global-options ipv6-receive-redirects disable" ... | |
Elapsed 0.011 sec: | |
Executing the "firewall global-options ipv6-src-route disable" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall global-options ip-src-route disable" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall global-options log-martians enable" ... | |
Elapsed 0.012 sec: | |
Executing the "firewall global-options receive-redirects disable" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall global-options send-redirects enable" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall global-options source-validation disable" ... | |
Elapsed 0.012 sec: | |
Executing the "firewall global-options syn-cookies enable" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall global-options twa-hazards-protection disable" ... | |
Elapsed 0.014 sec: | |
Executing the "firewall group network-group internaladdresses" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall group network-group internaladdresses network 193.201.42.0/24" ... | |
Elapsed 0.032 sec: | |
Executing the "firewall group network-group internaladdresses network 212.9.23.0/29" ... | |
Elapsed 0.024 sec: | |
Executing the "firewall group network-group internaladdresses network 213.133.203.24/29" ... | |
Elapsed 0.023 sec: | |
Executing the "firewall group network-group internaladdresses network 213.167.69.64/29" ... | |
Elapsed 0.025 sec: | |
Executing the "firewall group network-group internaladdresses network 213.167.72.64/29" ... | |
Elapsed 0.025 sec: | |
Executing the "firewall group network-group internaladdresses network 212.9.4.208/29" ... | |
Elapsed 0.032 sec: | |
Executing the "firewall group network-group outviajt" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall group network-group outviajt network 212.9.23.0/29" ... | |
Elapsed 0.024 sec: | |
Executing the "firewall group network-group outviajt network 212.9.4.208/29" ... | |
Elapsed 0.027 sec: | |
Executing the "firewall ipv4 input filter default-action accept" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 input filter rule 5" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 input filter rule 5 action jump" ... | |
Elapsed 0.006 sec: | |
Executing the "firewall ipv4 input filter rule 5 inbound-interface name eth0.20" ... | |
Elapsed 0.065 sec: | |
Executing the "firewall ipv4 input filter rule 10" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 input filter rule 10 action jump" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 input filter rule 10 inbound-interface name pppoe0" ... | |
Elapsed 0.056 sec: | |
Executing the "firewall ipv4 input filter rule 15" ... | |
Elapsed 0.012 sec: | |
Executing the "firewall ipv4 input filter rule 15 action jump" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 input filter rule 15 inbound-interface name vtun1" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 input filter rule 20" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 input filter rule 20 action jump" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 input filter rule 20 inbound-interface name vtun2" ... | |
Elapsed 0.056 sec: | |
Executing the "firewall ipv4 input filter rule 25" ... | |
Elapsed 0.012 sec: | |
Executing the "firewall ipv4 input filter rule 25 action jump" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 input filter rule 25 inbound-interface name vtun5" ... | |
Elapsed 0.056 sec: | |
Executing the "firewall ipv4 name TO-ROUTER" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER default-action drop" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 10" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 10 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 10 description itconsult Local Traffic" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 10 protocol all" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 10 source address 193.201.42.0/24" ... | |
Elapsed 0.030 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 20" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 20 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 20 description Foreshore link subnet" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 20 protocol all" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 20 source address 213.167.95.24/29" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 21" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 21 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 21 description Foreshore routed subnet" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 21 protocol all" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 21 source address 213.167.69.64/29" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 30" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 30 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 30 description Newtel link subnet" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 30 protocol all" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 30 source address 213.133.203.32/29" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 31" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 31 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 31 description Newtel link subnet" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 31 protocol all" ... | |
Elapsed 0.055 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 31 source address 213.133.203.24/29" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 40" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 40 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 40 description JT link subnet" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 40 protocol all" ... | |
Elapsed 0.055 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 40 source address 212.9.4.208/29" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 41" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 41 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 41 description JT routed subnet" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 41 protocol all" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 41 source address 212.9.23.0/29" ... | |
Elapsed 0.056 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 42" ... | |
Elapsed 0.011 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 42 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 42 description JT BGP peers" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 42 protocol all" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 42 source address 212.9.12.56/31" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 43" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 43 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 43 description JT BGP peers" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 43 protocol all" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 43 source address 87.244.102.192/29" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 46" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 46 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 46 description qr broadband" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 46 protocol all" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 46 source address 212.9.27.93/32" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 47" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 47 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 47 description vp-r01a" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 47 protocol all" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 47 source address 107.191.63.136/32" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 50" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 50 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 50 description ssh from m70" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 50 destination port ssh" ... | |
Elapsed 0.085 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 50 protocol tcp" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 50 source address 139.162.144.150/32" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 51" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 51 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 51 description ssh from m72" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 51 destination port ssh" ... | |
Elapsed 0.078 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 51 protocol tcp" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 51 source address 45.63.34.123/32" ... | |
Elapsed 0.030 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 60" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 60 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 60 description VRRP" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 60 destination address 224.0.0.18" ... | |
Elapsed 0.034 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 60 protocol 112" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 70" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 70 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 70 description IPSEC UDP" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 70 destination port 500,4500,1701" ... | |
Elapsed 0.077 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 70 protocol udp" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 80" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 80 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 80 description IPSEC ESP" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 80 protocol esp" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 100" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 100 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 100 description DHCP" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 100 destination port bootps" ... | |
Elapsed 0.077 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 100 protocol udp" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 401" ... | |
Elapsed 0.010 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 401 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 401 description wireguard re lvg-r01" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 401 destination port 51820" ... | |
Elapsed 0.077 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 401 protocol udp" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 401 source address 185.16.69.0/24" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 402" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 402 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 402 description wireguard re lvg-r01" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 402 destination port 51820" ... | |
Elapsed 0.077 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 402 protocol udp" ... | |
Elapsed 0.053 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 402 source address 185.16.70.0/24" ... | |
Elapsed 0.029 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 996" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 996 action return" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 996 description ICMP Throughout" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 996 protocol icmp" ... | |
Elapsed 0.052 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 999" ... | |
Elapsed 0.009 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 999 action reject" ... | |
Elapsed 0.005 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 999 description Block" ... | |
Elapsed 0.004 sec: | |
Executing the "firewall ipv4 name TO-ROUTER rule 999 protocol all" ... | |
Elapsed 0.052 sec: | |
Elapsed 3.280 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "firewall" ... | |
Elapsed 0.591 sec: | |
Elapsed 0.591 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces pppoe pppoe0" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces pppoe pppoe0 authentication password [redacted]" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces pppoe pppoe0 authentication username mrichardson8" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces pppoe pppoe0 mtu 1492" ... | |
Elapsed 0.009 sec: | |
Executing the "interfaces pppoe pppoe0 source-interface eth0.122" ... | |
Elapsed 0.009 sec: | |
Elapsed 0.035 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces pppoe pppoe0" ... | |
Elapsed 0.111 sec: | |
Elapsed 0.111 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces wireguard wg09" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces wireguard wg09 address 10.193.136.237/30" ... | |
Elapsed 0.015 sec: | |
Executing the "interfaces wireguard wg09 description lvg-r01 via JT Broadband/Airtel" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces wireguard wg09 peer to-lvg-r01" ... | |
Elapsed 0.004 sec: | |
Executing the "interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 0.0.0.0/0" ... | |
Elapsed 0.026 sec: | |
Executing the "interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive 25" ... | |
Elapsed 0.009 sec: | |
Executing the "interfaces wireguard wg09 peer to-lvg-r01 public-key [redacted]" ... | |
Elapsed 0.076 sec: | |
Executing the "interfaces wireguard wg09 port 51820" ... | |
Elapsed 0.010 sec: | |
Executing the "interfaces wireguard wg09 private-key [redacted]" ... | |
Elapsed 0.064 sec: | |
Elapsed 0.217 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces wireguard wg09" ... | |
Elapsed 1.841 sec: | |
Elapsed 1.842 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "system name-server 193.201.42.9" ... | |
Elapsed 0.017 sec: | |
Executing the "system name-server 193.201.42.130" ... | |
Elapsed 0.015 sec: | |
Elapsed 0.033 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system name-server 193.201.42.9" ... | |
Elapsed 0.150 sec: | |
Executing the "system name-server 193.201.42.130" ... | |
Elapsed 0.135 sec: | |
Executing the "system name-server 193.201.42.9" ... | |
Elapsed 0.121 sec: | |
Executing the "system name-server 193.201.42.130" ... | |
Elapsed 0.131 sec: | |
Elapsed 0.539 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "system syslog global facility all" ... | |
Elapsed 0.005 sec: | |
Executing the "system syslog global facility all level debug" ... | |
Elapsed 0.005 sec: | |
Executing the "system syslog global facility local7" ... | |
Elapsed 0.005 sec: | |
Executing the "system syslog global facility local7 level debug" ... | |
Elapsed 0.005 sec: | |
Executing the "system syslog host 193.201.42.2" ... | |
Elapsed 0.014 sec: | |
Executing the "system syslog host 193.201.42.2 facility all" ... | |
Elapsed 0.005 sec: | |
Executing the "system syslog host 193.201.42.2 facility all level debug" ... | |
Elapsed 0.005 sec: | |
Elapsed 0.046 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system syslog" ... | |
Elapsed 0.983 sec: | |
Elapsed 0.983 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "system login user itconsult" ... | |
Elapsed 0.006 sec: | |
Executing the "system login user itconsult authentication encrypted-password [redacted]" ... | |
Elapsed 0.005 sec: | |
Elapsed 0.012 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system login banner" ... | |
Elapsed 0.024 sec: | |
Executing the "system login" ... | |
Elapsed 2.636 sec: | |
Elapsed 2.660 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "system config-management commit-revisions 20" ... | |
Elapsed 0.012 sec: | |
Elapsed 0.012 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "system config-management" ... | |
Elapsed 0.027 sec: | |
Elapsed 0.027 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces openvpn vtun2" ... | |
Elapsed 0.006 sec: | |
Executing the "interfaces openvpn vtun2 description qr-r01b foreshore - ha-r01a bb" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun2 encryption cipher aes256" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun2 hash sha256" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun2 local-address 193.201.42.150" ... | |
Elapsed 0.013 sec: | |
Executing the "interfaces openvpn vtun2 local-address 193.201.42.150 subnet-mask 255.255.255.252" ... | |
Elapsed 0.014 sec: | |
Executing the "interfaces openvpn vtun2 local-port 1195" ... | |
Elapsed 0.011 sec: | |
Executing the "interfaces openvpn vtun2 mode site-to-site" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun2 remote-address 193.201.42.149" ... | |
Elapsed 0.013 sec: | |
Executing the "interfaces openvpn vtun2 remote-port 1195" ... | |
Elapsed 0.010 sec: | |
Elapsed 0.091 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces openvpn vtun2" ... | |
Elapsed 0.082 sec: | |
Elapsed 0.082 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces openvpn vtun1" ... | |
Elapsed 0.006 sec: | |
Executing the "interfaces openvpn vtun1 description qr-r01a bb - ha-r01a bb" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun1 encryption cipher aes256" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun1 hash sha256" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun1 local-address 193.201.42.146" ... | |
Elapsed 0.012 sec: | |
Executing the "interfaces openvpn vtun1 local-address 193.201.42.146 subnet-mask 255.255.255.252" ... | |
Elapsed 0.012 sec: | |
Executing the "interfaces openvpn vtun1 mode site-to-site" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun1 remote-address 193.201.42.145" ... | |
Elapsed 0.012 sec: | |
Elapsed 0.066 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces openvpn vtun1" ... | |
Elapsed 0.066 sec: | |
Elapsed 0.066 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "interfaces openvpn vtun5" ... | |
Elapsed 0.006 sec: | |
Executing the "interfaces openvpn vtun5 description vp-r01 - broadband" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun5 encryption cipher aes256" ... | |
Elapsed 0.005 sec: | |
Executing the "interfaces openvpn vtun5 hash sha256" ... | |
Elapsed 0.006 sec: | |
Executing the "interfaces openvpn vtun5 local-address 193.201.42.241" ... | |
Elapsed 0.013 sec: | |
Executing the "interfaces openvpn vtun5 local-address 193.201.42.241 subnet-mask 255.255.255.252" ... | |
Elapsed 0.013 sec: | |
Executing the "interfaces openvpn vtun5 local-port 1198" ... | |
Elapsed 0.011 sec: | |
Executing the "interfaces openvpn vtun5 mode site-to-site" ... | |
Elapsed 0.006 sec: | |
Executing the "interfaces openvpn vtun5 remote-address 193.201.42.242" ... | |
Elapsed 0.013 sec: | |
Executing the "interfaces openvpn vtun5 remote-port 1198" ... | |
Elapsed 0.011 sec: | |
Elapsed 0.094 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "interfaces openvpn vtun5" ... | |
Elapsed 0.065 sec: | |
Elapsed 0.065 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "protocols static route 0.0.0.0/0" ... | |
Elapsed 0.013 sec: | |
Executing the "protocols static route 0.0.0.0/0 blackhole distance 210" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 107.191.63.136/32" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static route 107.191.63.136/32 interface pppoe0" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 185.16.69.0/24" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static route 185.16.69.0/24 interface pppoe0" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 185.16.70.0/24" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static route 185.16.70.0/24 interface pppoe0" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 193.201.42.0/24" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static route 193.201.42.0/24 blackhole distance 210" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 212.9.12.56/31" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static route 212.9.12.56/31 interface pppoe0" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 212.9.27.93/32" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols static route 212.9.27.93/32 interface pppoe0" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols static route 213.167.95.29/32" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static route 213.167.95.29/32 interface pppoe0" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols static table 1" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols static table 1 route 0.0.0.0/0" ... | |
Elapsed 0.014 sec: | |
Executing the "protocols static table 1 route 0.0.0.0/0 interface pppoe0" ... | |
Elapsed 0.010 sec: | |
Elapsed 0.223 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "protocols static" ... | |
Elapsed 1.198 sec: | |
Elapsed 1.198 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "protocols ospf area 0" ... | |
Elapsed 0.015 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.160/28" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.250/32" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.156/30" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.200/30" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.144/30" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.148/30" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 193.201.42.240/30" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf area 0 network 10.193.136.236/30" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols ospf default-information originate metric 10" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf default-information originate metric-type 1" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols ospf interface eth0.20" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols ospf interface eth0.20 cost 10" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols ospf interface eth0.20 dead-interval 4" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface eth0.20 hello-interval 1" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols ospf interface eth0.20 priority 120" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface eth0.20 retransmit-interval 5" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface eth0.20 transmit-delay 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun1 cost 20" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun1 dead-interval 4" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun1 hello-interval 1" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols ospf interface vtun1 network point-to-point" ... | |
Elapsed 0.005 sec: | |
Executing the "protocols ospf interface vtun1 priority 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun1 retransmit-interval 5" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun1 transmit-delay 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun2" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun2 cost 40" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols ospf interface vtun2 dead-interval 4" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun2 hello-interval 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun2 network point-to-point" ... | |
Elapsed 0.005 sec: | |
Executing the "protocols ospf interface vtun2 priority 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun2 retransmit-interval 5" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun2 transmit-delay 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5 cost 65" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5 dead-interval 4" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5 hello-interval 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5 network point-to-point" ... | |
Elapsed 0.005 sec: | |
Executing the "protocols ospf interface vtun5 priority 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5 retransmit-interval 5" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface vtun5 transmit-delay 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface wg09" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface wg09 dead-interval 4" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface wg09 hello-interval 1" ... | |
Elapsed 0.009 sec: | |
Executing the "protocols ospf interface wg09 network point-to-point" ... | |
Elapsed 0.005 sec: | |
Executing the "protocols ospf interface wg09 priority 1" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface wg09 retransmit-interval 5" ... | |
Elapsed 0.010 sec: | |
Executing the "protocols ospf interface wg09 transmit-delay 1" ... | |
Elapsed 0.009 sec: | |
Executing the "protocols ospf redistribute static metric-type 2" ... | |
Elapsed 0.009 sec: | |
Executing the "protocols ospf redistribute static route-map static-to-ospf" ... | |
Elapsed 0.005 sec: | |
Elapsed 0.528 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "protocols ospf" ... | |
Elapsed 0.026 sec: | |
Elapsed 0.026 sec: _commit_exec_cfg_node | |
[[protocols ospf]] failed | |
Entering the _commit_check_cfg_node | |
Executing the "high-availability vrrp group eth0.20-20 address 193.201.42.170/28" ... | |
Elapsed 0.017 sec: | |
Executing the "high-availability vrrp group eth0.20-20 advertise-interval 1" ... | |
Elapsed 0.009 sec: | |
Executing the "high-availability vrrp group eth0.20-20 interface eth0.20" ... | |
Elapsed 0.009 sec: | |
Executing the "high-availability vrrp group eth0.20-20 priority 150" ... | |
Elapsed 0.009 sec: | |
Executing the "high-availability vrrp group eth0.20-20 vrid 20" ... | |
Elapsed 0.009 sec: | |
Elapsed 0.056 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "high-availability" ... | |
Elapsed 0.995 sec: | |
Elapsed 0.995 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "protocols bgp address-family ipv4-unicast aggregate-address 193.201.42.0/24" ... | |
Elapsed 0.012 sec: | |
Executing the "protocols bgp address-family ipv4-unicast network 193.201.42.250/32" ... | |
Elapsed 0.011 sec: | |
Executing the "protocols bgp address-family ipv4-unicast network 193.201.42.250/32 route-map bgp-local-no-export" ... | |
Elapsed 0.005 sec: | |
Executing the "protocols bgp neighbor 193.201.42.213" ... | |
Elapsed 0.017 sec: | |
Executing the "protocols bgp neighbor 193.201.42.213 description qr-r01a" ... | |
Elapsed 0.005 sec: | |
Executing the "protocols bgp neighbor 193.201.42.214" ... | |
Elapsed 0.015 sec: | |
Executing the "protocols bgp neighbor 193.201.42.214 description vp-r01" ... | |
Elapsed 0.004 sec: | |
Executing the "protocols bgp neighbor 193.201.42.215" ... | |
Elapsed 0.014 sec: | |
Executing the "protocols bgp neighbor 193.201.42.215 description ha-r01b" ... | |
Elapsed 0.004 sec: | |
Executing the "protocols bgp neighbor 193.201.42.251" ... | |
Elapsed 0.014 sec: | |
Executing the "protocols bgp neighbor 193.201.42.251 description qr-r01b" ... | |
Elapsed 0.004 sec: | |
Executing the "protocols bgp peer-group ITCONSULT" ... | |
Elapsed 0.004 sec: | |
Executing the "protocols bgp peer-group ITCONSULT remote-as 25040" ... | |
Elapsed 0.008 sec: | |
Executing the "protocols bgp peer-group ITCONSULT update-source 193.201.42.250" ... | |
Elapsed 0.015 sec: | |
Executing the "protocols bgp system-as 25040" ... | |
Elapsed 0.008 sec: | |
Executing the "protocols bgp timers holdtime 45" ... | |
Elapsed 0.008 sec: | |
Executing the "protocols bgp timers keepalive 5" ... | |
Elapsed 0.013 sec: | |
Elapsed 0.172 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "protocols bgp" ... | |
Elapsed 1.844 sec: | |
Elapsed 1.844 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "service ntp allow-client address 0.0.0.0/0" ... | |
Elapsed 0.013 sec: | |
Executing the "service ntp allow-client address ::/0" ... | |
Elapsed 0.012 sec: | |
Executing the "service ntp server 193.201.42.81" ... | |
Elapsed 0.013 sec: | |
Executing the "service ntp server 193.201.42.87" ... | |
Elapsed 0.013 sec: | |
Executing the "service ntp server 193.201.42.97" ... | |
Elapsed 0.013 sec: | |
Executing the "service ntp server 193.201.42.103" ... | |
Elapsed 0.013 sec: | |
Elapsed 0.080 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "service ntp" ... | |
Elapsed 1.290 sec: | |
Elapsed 1.290 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Elapsed 0.000 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "qos" ... | |
Elapsed 0.091 sec: | |
Elapsed 0.092 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "service snmp community [redacted]" ... | |
Elapsed 0.006 sec: | |
Executing the "service snmp community [redacted] authorization ro" ... | |
Elapsed 0.005 sec: | |
Executing the "service snmp community [redacted] network 193.201.42.0/24" ... | |
Elapsed 0.012 sec: | |
Elapsed 0.025 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "service snmp" ... | |
Elapsed 3.355 sec: | |
Elapsed 3.355 sec: _commit_exec_cfg_node | |
Entering the _commit_check_cfg_node | |
Executing the "service ssh port 22" ... | |
Elapsed 0.012 sec: | |
Elapsed 0.012 sec: _commit_check_cfg_node | |
Entering the _commit_exec_cfg_node | |
Executing the "service ssh" ... | |
Elapsed 1.095 sec: | |
Elapsed 1.095 sec: _commit_exec_cfg_node | |
Elapsed 28.499 sec: Commit execute priority tree | |
Commit failed | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ sh conf c | strip-private | |
set firewall global-options all-ping 'enable' | |
set firewall global-options broadcast-ping 'disable' | |
set firewall global-options ip-src-route 'disable' | |
set firewall global-options ipv6-receive-redirects 'disable' | |
set firewall global-options ipv6-src-route 'disable' | |
set firewall global-options log-martians 'enable' | |
set firewall global-options receive-redirects 'disable' | |
set firewall global-options send-redirects 'enable' | |
set firewall global-options source-validation 'disable' | |
set firewall global-options syn-cookies 'enable' | |
set firewall global-options twa-hazards-protection 'disable' | |
set firewall group network-group internaladdresses network 'xxx.xxx.42.0/24' | |
set firewall group network-group internaladdresses network 'xxx.xxx.23.0/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.203.24/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.69.64/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.72.64/29' | |
set firewall group network-group internaladdresses network 'xxx.xxx.4.208/29' | |
set firewall group network-group outviajt network 'xxx.xxx.23.0/29' | |
set firewall group network-group outviajt network 'xxx.xxx.4.208/29' | |
set firewall ipv4 input filter default-action 'accept' | |
set firewall ipv4 input filter rule 5 action 'jump' | |
set firewall ipv4 input filter rule 5 inbound-interface name 'eth0.20' | |
set firewall ipv4 input filter rule 5 jump-target 'TO-ROUTER' | |
set firewall ipv4 input filter rule 10 action 'jump' | |
set firewall ipv4 input filter rule 10 inbound-interface name 'pppoe0' | |
set firewall ipv4 input filter rule 10 jump-target 'TO-ROUTER' | |
set firewall ipv4 input filter rule 15 action 'jump' | |
set firewall ipv4 input filter rule 15 inbound-interface name 'vtun1' | |
set firewall ipv4 input filter rule 15 jump-target 'TO-ROUTER' | |
set firewall ipv4 input filter rule 20 action 'jump' | |
set firewall ipv4 input filter rule 20 inbound-interface name 'vtun2' | |
set firewall ipv4 input filter rule 20 jump-target 'TO-ROUTER' | |
set firewall ipv4 input filter rule 25 action 'jump' | |
set firewall ipv4 input filter rule 25 inbound-interface name 'vtun5' | |
set firewall ipv4 input filter rule 25 jump-target 'TO-ROUTER' | |
set firewall ipv4 name TO-ROUTER default-action 'drop' | |
set firewall ipv4 name TO-ROUTER rule 10 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 10 description 'itconsult Local Traffic' | |
set firewall ipv4 name TO-ROUTER rule 10 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 10 source address 'xxx.xxx.42.0/24' | |
set firewall ipv4 name TO-ROUTER rule 20 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 20 description 'Foreshore link subnet' | |
set firewall ipv4 name TO-ROUTER rule 20 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 20 source address 'xxx.xxx.95.24/29' | |
set firewall ipv4 name TO-ROUTER rule 21 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 21 description 'Foreshore routed subnet' | |
set firewall ipv4 name TO-ROUTER rule 21 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 21 source address 'xxx.xxx.69.64/29' | |
set firewall ipv4 name TO-ROUTER rule 30 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 30 description 'Newtel link subnet' | |
set firewall ipv4 name TO-ROUTER rule 30 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 30 source address 'xxx.xxx.203.32/29' | |
set firewall ipv4 name TO-ROUTER rule 31 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 31 description 'Newtel link subnet' | |
set firewall ipv4 name TO-ROUTER rule 31 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 31 source address 'xxx.xxx.203.24/29' | |
set firewall ipv4 name TO-ROUTER rule 40 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 40 description 'JT link subnet' | |
set firewall ipv4 name TO-ROUTER rule 40 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 40 source address 'xxx.xxx.4.208/29' | |
set firewall ipv4 name TO-ROUTER rule 41 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 41 description 'JT routed subnet' | |
set firewall ipv4 name TO-ROUTER rule 41 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 41 source address 'xxx.xxx.23.0/29' | |
set firewall ipv4 name TO-ROUTER rule 42 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 42 description 'JT BGP peers' | |
set firewall ipv4 name TO-ROUTER rule 42 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 42 source address 'xxx.xxx.12.56/31' | |
set firewall ipv4 name TO-ROUTER rule 43 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 43 description 'JT BGP peers' | |
set firewall ipv4 name TO-ROUTER rule 43 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 43 source address 'xxx.xxx.102.192/29' | |
set firewall ipv4 name TO-ROUTER rule 46 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 46 description 'qr broadband' | |
set firewall ipv4 name TO-ROUTER rule 46 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 46 source address 'xxx.xxx.27.93/32' | |
set firewall ipv4 name TO-ROUTER rule 47 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 47 description 'vp-r01a' | |
set firewall ipv4 name TO-ROUTER rule 47 protocol 'all' | |
set firewall ipv4 name TO-ROUTER rule 47 source address 'xxx.xxx.63.136/32' | |
set firewall ipv4 name TO-ROUTER rule 50 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 50 description 'ssh from m70' | |
set firewall ipv4 name TO-ROUTER rule 50 destination port 'ssh' | |
set firewall ipv4 name TO-ROUTER rule 50 protocol 'tcp' | |
set firewall ipv4 name TO-ROUTER rule 50 source address 'xxx.xxx.144.150/32' | |
set firewall ipv4 name TO-ROUTER rule 51 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 51 description 'ssh from m72' | |
set firewall ipv4 name TO-ROUTER rule 51 destination port 'ssh' | |
set firewall ipv4 name TO-ROUTER rule 51 protocol 'tcp' | |
set firewall ipv4 name TO-ROUTER rule 51 source address 'xxx.xxx.34.123/32' | |
set firewall ipv4 name TO-ROUTER rule 60 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 60 description 'VRRP' | |
set firewall ipv4 name TO-ROUTER rule 60 destination address 'xxx.xxx.0.18' | |
set firewall ipv4 name TO-ROUTER rule 60 protocol '112' | |
set firewall ipv4 name TO-ROUTER rule 70 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 70 description 'IPSEC UDP' | |
set firewall ipv4 name TO-ROUTER rule 70 destination port '500,4500,1701' | |
set firewall ipv4 name TO-ROUTER rule 70 protocol 'udp' | |
set firewall ipv4 name TO-ROUTER rule 80 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 80 description 'IPSEC ESP' | |
set firewall ipv4 name TO-ROUTER rule 80 protocol 'esp' | |
set firewall ipv4 name TO-ROUTER rule 100 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 100 description 'DHCP' | |
set firewall ipv4 name TO-ROUTER rule 100 destination port 'bootps' | |
set firewall ipv4 name TO-ROUTER rule 100 protocol 'udp' | |
set firewall ipv4 name TO-ROUTER rule 401 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 401 description 'wireguard re lvg-r01' | |
set firewall ipv4 name TO-ROUTER rule 401 destination port '51820' | |
set firewall ipv4 name TO-ROUTER rule 401 protocol 'udp' | |
set firewall ipv4 name TO-ROUTER rule 401 source address 'xxx.xxx.69.0/24' | |
set firewall ipv4 name TO-ROUTER rule 402 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 402 description 'wireguard re lvg-r01' | |
set firewall ipv4 name TO-ROUTER rule 402 destination port '51820' | |
set firewall ipv4 name TO-ROUTER rule 402 protocol 'udp' | |
set firewall ipv4 name TO-ROUTER rule 402 source address 'xxx.xxx.70.0/24' | |
set firewall ipv4 name TO-ROUTER rule 996 action 'return' | |
set firewall ipv4 name TO-ROUTER rule 996 description 'ICMP Throughout' | |
set firewall ipv4 name TO-ROUTER rule 996 protocol 'icmp' | |
set firewall ipv4 name TO-ROUTER rule 999 action 'reject' | |
set firewall ipv4 name TO-ROUTER rule 999 description 'Block' | |
set firewall ipv4 name TO-ROUTER rule 999 protocol 'all' | |
set high-availability vrrp group eth0.20-20 address xxx.xxx.42.170/28 | |
set high-availability vrrp group eth0.20-20 advertise-interval '1' | |
set high-availability vrrp group eth0.20-20 interface 'eth0.20' | |
set high-availability vrrp group eth0.20-20 priority '150' | |
set high-availability vrrp group eth0.20-20 vrid '20' | |
set interfaces ethernet eth0 duplex 'auto' | |
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:24' | |
set interfaces ethernet eth0 offload gro | |
set interfaces ethernet eth0 offload gso | |
set interfaces ethernet eth0 offload sg | |
set interfaces ethernet eth0 offload tso | |
set interfaces ethernet eth0 speed 'auto' | |
set interfaces ethernet eth0 vif 20 address 'xxx.xxx.42.168/28' | |
set interfaces ethernet eth0 vif 20 description 'Hatherley Backbone' | |
set interfaces ethernet eth0 vif 122 description 'ONT 509001' | |
set interfaces loopback lo address 'xxx.xxx.42.250/32' | |
set interfaces openvpn vtun1 description 'qr-r01a bb - ha-r01a bb' | |
set interfaces openvpn vtun1 disable | |
set interfaces openvpn vtun1 encryption cipher 'aes256' | |
set interfaces openvpn vtun1 hash 'sha256' | |
set interfaces openvpn vtun1 local-address xxx.xxx.42.146 subnet-mask 'xxx.xxx.255.252' | |
set interfaces openvpn vtun1 mode 'site-to-site' | |
set interfaces openvpn vtun1 remote-address 'xxx.xxx.42.145' | |
set interfaces openvpn vtun1 remote-host 'xxx.xxx.27.93' | |
set interfaces openvpn vtun1 shared-secret-key 'openvpn_vtun1_shared' | |
set interfaces openvpn vtun2 description 'qr-r01b foreshore - ha-r01a bb' | |
set interfaces openvpn vtun2 disable | |
set interfaces openvpn vtun2 encryption cipher 'aes256' | |
set interfaces openvpn vtun2 hash 'sha256' | |
set interfaces openvpn vtun2 local-address xxx.xxx.42.150 subnet-mask 'xxx.xxx.255.252' | |
set interfaces openvpn vtun2 local-port '1195' | |
set interfaces openvpn vtun2 mode 'site-to-site' | |
set interfaces openvpn vtun2 remote-address 'xxx.xxx.42.149' | |
set interfaces openvpn vtun2 remote-host 'xxx.xxx.95.29' | |
set interfaces openvpn vtun2 remote-port '1195' | |
set interfaces openvpn vtun2 shared-secret-key 'openvpn_vtun2_shared' | |
set interfaces openvpn vtun5 description 'vp-r01 - broadband' | |
set interfaces openvpn vtun5 disable | |
set interfaces openvpn vtun5 encryption cipher 'aes256' | |
set interfaces openvpn vtun5 hash 'sha256' | |
set interfaces openvpn vtun5 local-address xxx.xxx.42.241 subnet-mask 'xxx.xxx.255.252' | |
set interfaces openvpn vtun5 local-port '1198' | |
set interfaces openvpn vtun5 mode 'site-to-site' | |
set interfaces openvpn vtun5 remote-address 'xxx.xxx.42.242' | |
set interfaces openvpn vtun5 remote-host 'xxx.xxx.63.136' | |
set interfaces openvpn vtun5 remote-port '1198' | |
set interfaces openvpn vtun5 shared-secret-key 'openvpn_vtun5_shared' | |
set interfaces pppoe pppoe0 authentication password xxxxxx | |
set interfaces pppoe pppoe0 authentication username xxxxxx | |
set interfaces pppoe pppoe0 mtu '1492' | |
set interfaces pppoe pppoe0 no-default-route | |
set interfaces pppoe pppoe0 no-peer-dns | |
set interfaces pppoe pppoe0 source-interface 'eth0.122' | |
set interfaces wireguard wg09 address 'xxx.xxx.136.237/30' | |
set interfaces wireguard wg09 description 'lvg-r01 via JT Broadband/Airtel' | |
set interfaces wireguard wg09 peer to-lvg-r01 allowed-ips 'xxx.xxx.0.0/0' | |
set interfaces wireguard wg09 peer to-lvg-r01 persistent-keepalive '25' | |
set interfaces wireguard wg09 peer to-lvg-r01 public-key 'CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo=' | |
set interfaces wireguard wg09 port '51820' | |
set interfaces wireguard wg09 private-key xxxxxx | |
set pki openvpn shared-secret xxxxxx key xxxxxx | |
set pki openvpn shared-secret xxxxxx version '1' | |
set pki openvpn shared-secret xxxxxx key xxxxxx | |
set pki openvpn shared-secret xxxxxx version '1' | |
set pki openvpn shared-secret xxxxxx key xxxxxx | |
set pki openvpn shared-secret xxxxxx version '1' | |
set policy as-path-list itconsult rule 10 action 'permit' | |
set policy as-path-list itconsult rule 10 regex '^$' | |
set policy prefix-list default-route rule 10 action 'permit' | |
set policy prefix-list default-route rule 10 prefix 'xxx.xxx.0.0/0' | |
set policy prefix-list itconsult-aggregated rule 10 action 'permit' | |
set policy prefix-list itconsult-aggregated rule 10 prefix 'xxx.xxx.42.0/24' | |
set policy prefix-list rfc1918 rule 10 action 'permit' | |
set policy prefix-list rfc1918 rule 10 prefix 'xxx.xxx.0.0/8' | |
set policy prefix-list rfc1918 rule 11 action 'permit' | |
set policy prefix-list rfc1918 rule 11 ge '9' | |
set policy prefix-list rfc1918 rule 11 prefix 'xxx.xxx.0.0/8' | |
set policy prefix-list rfc1918 rule 20 action 'permit' | |
set policy prefix-list rfc1918 rule 20 prefix 'xxx.xxx.0.0/12' | |
set policy prefix-list rfc1918 rule 21 action 'permit' | |
set policy prefix-list rfc1918 rule 21 ge '13' | |
set policy prefix-list rfc1918 rule 21 prefix 'xxx.xxx.0.0/12' | |
set policy prefix-list rfc1918 rule 30 action 'permit' | |
set policy prefix-list rfc1918 rule 30 prefix 'xxx.xxx.0.0/16' | |
set policy prefix-list rfc1918 rule 31 action 'permit' | |
set policy prefix-list rfc1918 rule 31 ge '17' | |
set policy prefix-list rfc1918 rule 31 prefix 'xxx.xxx.0.0/16' | |
set policy route outviajt interface 'eth0.20' | |
set policy route outviajt rule 10 description 'Internal Traffic' | |
set policy route outviajt rule 10 destination group network-group 'internaladdresses' | |
set policy route outviajt rule 10 set table 'main' | |
set policy route outviajt rule 10 source group network-group 'outviajt' | |
set policy route outviajt rule 20 description 'Out via JT' | |
set policy route outviajt rule 20 set table '1' | |
set policy route outviajt rule 20 source group network-group 'outviajt' | |
set policy route outviajt rule 30 description 'Normal Traffic' | |
set policy route outviajt rule 30 set table 'main' | |
set policy route-map bgp-local-no-export rule 10 action 'permit' | |
set policy route-map bgp-local-no-export rule 10 set | |
set policy route-map bgp-no-advertise rule 10 action 'deny' | |
set policy route-map static-to-ospf rule 10 action 'permit' | |
set policy route-map static-to-ospf rule 10 description 'Redistribute default route' | |
set policy route-map static-to-ospf rule 10 match ip address prefix-list 'default-route' | |
set policy route-map static-to-ospf rule 20 action 'deny' | |
set policy route-map static-to-ospf rule 20 description 'Do not resistribute anything else' | |
set protocols bgp address-family ipv4-unicast aggregate-address xxx.xxx.42.0/24 | |
set protocols bgp address-family ipv4-unicast network xxx.xxx.42.250/32 route-map 'bgp-local-no-export' | |
set protocols bgp neighbor xxx.xxx.42.213 address-family ipv4-unicast | |
set protocols bgp neighbor xxx.xxx.42.213 description 'qr-r01a' | |
set protocols bgp neighbor xxx.xxx.42.213 peer-group 'ITCONSULT' | |
set protocols bgp neighbor xxx.xxx.42.214 address-family ipv4-unicast | |
set protocols bgp neighbor xxx.xxx.42.214 description 'vp-r01' | |
set protocols bgp neighbor xxx.xxx.42.214 peer-group 'ITCONSULT' | |
set protocols bgp neighbor xxx.xxx.42.215 address-family ipv4-unicast | |
set protocols bgp neighbor xxx.xxx.42.215 description 'ha-r01b' | |
set protocols bgp neighbor xxx.xxx.42.215 peer-group 'ITCONSULT' | |
set protocols bgp neighbor xxx.xxx.42.251 address-family ipv4-unicast | |
set protocols bgp neighbor xxx.xxx.42.251 description 'qr-r01b' | |
set protocols bgp neighbor xxx.xxx.42.251 peer-group 'ITCONSULT' | |
set protocols bgp parameters log-neighbor-changes | |
set protocols bgp parameters no-fast-external-failover | |
set protocols bgp peer-group ITCONSULT remote-as '25040' | |
set protocols bgp peer-group ITCONSULT update-source 'xxx.xxx.42.250' | |
set protocols bgp system-as '25040' | |
set protocols bgp timers holdtime '45' | |
set protocols bgp timers keepalive '5' | |
set protocols static route xxx.xxx.0.0/0 blackhole distance '210' | |
set protocols static route xxx.xxx.63.136/32 interface pppoe0 | |
set protocols static route xxx.xxx.69.0/24 interface pppoe0 | |
set protocols static route xxx.xxx.70.0/24 interface pppoe0 | |
set protocols static route xxx.xxx.42.0/24 blackhole distance '210' | |
set protocols static route xxx.xxx.42.188/32 next-hop xxx.xxx.42.171 | |
set protocols static route xxx.xxx.12.56/31 interface pppoe0 | |
set protocols static route xxx.xxx.27.93/32 interface pppoe0 | |
set protocols static route xxx.xxx.95.29/32 interface pppoe0 | |
set protocols static table 1 route xxx.xxx.0.0/0 interface pppoe0 | |
set qos policy | |
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0' | |
set service ntp allow-client xxxxxx '::/0' | |
set service ntp server xxxxx.tld | |
set service ntp server xxxxx.tld | |
set service ntp server xxxxx.tld | |
set service ntp server xxxxx.tld | |
set service snmp community [redacted] authorization 'ro' | |
set service snmp community [redacted] network 'xxx.xxx.42.0/24' | |
set service ssh port '22' | |
set system config-management commit-revisions '20' | |
set system conntrack modules ftp | |
set system conntrack modules h323 | |
set system conntrack modules nfs | |
set system conntrack modules pptp | |
set system conntrack modules sip | |
set system conntrack modules sqlnet | |
set system conntrack modules tftp | |
set system domain-name xxxxxx | |
set system host-name xxxxxx | |
set system login banner post-login '' | |
set system login banner pre-login '' | |
set system login user xxxxxx authentication encrypted-password xxxxxx | |
set system login user xxxxxx authentication plaintext-password xxxxxx | |
set system name-server 'xxx.xxx.42.9' | |
set system name-server 'xxx.xxx.42.130' | |
set system syslog global facility all level 'debug' | |
set system syslog global facility local7 level 'debug' | |
set system syslog host xxx.xxx.42.2 facility all level 'debug' | |
set system time-zone 'GB' | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ sh int | |
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down | |
Interface IP Address MAC VRF MTU S/L Description | |
----------- ----------------- ----------------- ------- ----- ----- ------------------------------- | |
eth0 - 00:16:3e:e0:be:24 default 1500 u/u | |
eth0.20 193.201.42.168/28 00:16:3e:e0:be:24 default 1500 u/u Hatherley Backbone | |
193.201.42.170/28 | |
eth0.122 - 00:16:3e:e0:be:24 default 1500 u/u ONT 509001 | |
lo 127.0.0.1/8 00:00:00:00:00:00 default 65536 u/u | |
193.201.42.250/32 | |
::1/128 | |
pppoe0 212.9.10.53/32 n/a default 1492 u/u | |
wg09 10.193.136.237/30 n/a default 1420 u/u lvg-r01 via JT Broadband/Airtel | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ conf | |
WARNING: There was a config error on boot: saving the configuration now could overwrite data. | |
You may want to check and reload the boot config | |
[edit] | |
itconsult@ha-r01a# load | |
Loading configuration from 'config.boot' | |
Load complete. Use 'commit' to make changes effective. | |
[edit] | |
itconsult@ha-r01a# sh | strip-private | |
firewall { | |
global-options { | |
all-ping enable | |
broadcast-ping disable | |
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
receive-redirects disable | |
send-redirects enable | |
source-validation disable | |
syn-cookies enable | |
twa-hazards-protection disable | |
} | |
group { | |
network-group internaladdresses { | |
network xxx.xxx.42.0/24 | |
network xxx.xxx.23.0/29 | |
network xxx.xxx.203.24/29 | |
network xxx.xxx.69.64/29 | |
network xxx.xxx.72.64/29 | |
network xxx.xxx.4.208/29 | |
} | |
network-group outviajt { | |
network xxx.xxx.23.0/29 | |
network xxx.xxx.4.208/29 | |
} | |
} | |
ipv4 { | |
input { | |
filter { | |
default-action accept | |
rule 5 { | |
action jump | |
inbound-interface { | |
name eth0.20 | |
} | |
jump-target TO-ROUTER | |
} | |
rule 10 { | |
action jump | |
inbound-interface { | |
name pppoe0 | |
} | |
jump-target TO-ROUTER | |
} | |
rule 15 { | |
action jump | |
inbound-interface { | |
name vtun1 | |
} | |
jump-target TO-ROUTER | |
} | |
rule 20 { | |
action jump | |
inbound-interface { | |
name vtun2 | |
} | |
jump-target TO-ROUTER | |
} | |
rule 25 { | |
action jump | |
inbound-interface { | |
name vtun5 | |
} | |
jump-target TO-ROUTER | |
} | |
} | |
} | |
name TO-ROUTER { | |
default-action drop | |
rule 10 { | |
action return | |
description "itconsult Local Traffic" | |
protocol all | |
source { | |
address xxx.xxx.42.0/24 | |
} | |
} | |
rule 20 { | |
action return | |
description "Foreshore link subnet" | |
protocol all | |
source { | |
address xxx.xxx.95.24/29 | |
} | |
} | |
rule 21 { | |
action return | |
description "Foreshore routed subnet" | |
protocol all | |
source { | |
address xxx.xxx.69.64/29 | |
} | |
} | |
rule 30 { | |
action return | |
description "Newtel link subnet" | |
protocol all | |
source { | |
address xxx.xxx.203.32/29 | |
} | |
} | |
rule 31 { | |
action return | |
description "Newtel link subnet" | |
protocol all | |
source { | |
address xxx.xxx.203.24/29 | |
} | |
} | |
rule 40 { | |
action return | |
description "JT link subnet" | |
protocol all | |
source { | |
address xxx.xxx.4.208/29 | |
} | |
} | |
rule 41 { | |
action return | |
description "JT routed subnet" | |
protocol all | |
source { | |
address xxx.xxx.23.0/29 | |
} | |
} | |
rule 42 { | |
action return | |
description "JT BGP peers" | |
protocol all | |
source { | |
address xxx.xxx.12.56/31 | |
} | |
} | |
rule 43 { | |
action return | |
description "JT BGP peers" | |
protocol all | |
source { | |
address xxx.xxx.102.192/29 | |
} | |
} | |
rule 46 { | |
action return | |
description "qr broadband" | |
protocol all | |
source { | |
address xxx.xxx.27.93/32 | |
} | |
} | |
rule 47 { | |
action return | |
description vp-r01a | |
protocol all | |
source { | |
address xxx.xxx.63.136/32 | |
} | |
} | |
rule 50 { | |
action return | |
description "ssh from m70" | |
destination { | |
port ssh | |
} | |
protocol tcp | |
source { | |
address xxx.xxx.144.150/32 | |
} | |
} | |
rule 51 { | |
action return | |
description "ssh from m72" | |
destination { | |
port ssh | |
} | |
protocol tcp | |
source { | |
address xxx.xxx.34.123/32 | |
} | |
} | |
rule 60 { | |
action return | |
description VRRP | |
destination { | |
address xxx.xxx.0.18 | |
} | |
protocol 112 | |
} | |
rule 70 { | |
action return | |
description "IPSEC UDP" | |
destination { | |
port 500,4500,1701 | |
} | |
protocol udp | |
} | |
rule 80 { | |
action return | |
description "IPSEC ESP" | |
protocol esp | |
} | |
rule 100 { | |
action return | |
description DHCP | |
destination { | |
port bootps | |
} | |
protocol udp | |
} | |
rule 401 { | |
action return | |
description "wireguard re lvg-r01" | |
destination { | |
port 51820 | |
} | |
protocol udp | |
source { | |
address xxx.xxx.69.0/24 | |
} | |
} | |
rule 402 { | |
action return | |
description "wireguard re lvg-r01" | |
destination { | |
port 51820 | |
} | |
protocol udp | |
source { | |
address xxx.xxx.70.0/24 | |
} | |
} | |
rule 996 { | |
action return | |
description "ICMP Throughout" | |
protocol icmp | |
} | |
rule 999 { | |
action reject | |
description Block | |
protocol all | |
} | |
} | |
} | |
} | |
high-availability { | |
vrrp { | |
group eth0.20-20 { | |
address xxx.xxx.42.170/28 { | |
} | |
advertise-interval 1 | |
interface eth0.20 | |
priority 150 | |
vrid 20 | |
} | |
} | |
} | |
interfaces { | |
ethernet eth0 { | |
duplex auto | |
hw-id xx:xx:xx:xx:xx:24 | |
offload { | |
gro | |
gso | |
sg | |
tso | |
} | |
speed auto | |
vif 20 { | |
address xxx.xxx.42.168/28 | |
description "Hatherley Backbone" | |
} | |
vif 122 { | |
description "ONT 509001" | |
} | |
} | |
loopback lo { | |
address xxx.xxx.42.250/32 | |
} | |
openvpn vtun1 { | |
description "qr-r01a bb - ha-r01a bb" | |
disable | |
encryption { | |
cipher aes256 | |
} | |
hash sha256 | |
local-address xxx.xxx.42.146 { | |
subnet-mask xxx.xxx.255.252 | |
} | |
mode site-to-site | |
remote-address xxx.xxx.42.145 | |
remote-host xxxxx.tld | |
shared-secret-key openvpn_vtun1_shared | |
} | |
openvpn vtun2 { | |
description "qr-r01b foreshore - ha-r01a bb" | |
disable | |
encryption { | |
cipher aes256 | |
} | |
hash sha256 | |
local-address xxx.xxx.42.150 { | |
subnet-mask xxx.xxx.255.252 | |
} | |
local-port 1195 | |
mode site-to-site | |
remote-address xxx.xxx.42.149 | |
remote-host xxxxx.tld | |
remote-port 1195 | |
shared-secret-key openvpn_vtun2_shared | |
} | |
openvpn vtun5 { | |
description "vp-r01 - broadband" | |
disable | |
encryption { | |
cipher aes256 | |
} | |
hash sha256 | |
local-address xxx.xxx.42.241 { | |
subnet-mask xxx.xxx.255.252 | |
} | |
local-port 1198 | |
mode site-to-site | |
remote-address xxx.xxx.42.242 | |
remote-host xxxxx.tld | |
remote-port 1198 | |
shared-secret-key openvpn_vtun5_shared | |
} | |
pppoe pppoe0 { | |
authentication { | |
password xxxxxx | |
username xxxxxx | |
} | |
mtu 1492 | |
no-default-route | |
no-peer-dns | |
source-interface eth0.122 | |
} | |
wireguard wg09 { | |
address xxx.xxx.136.237/30 | |
description "lvg-r01 via JT Broadband/Airtel" | |
peer to-lvg-r01 { | |
allowed-ips xxx.xxx.0.0/0 | |
persistent-keepalive 25 | |
public-key CUB1Xs9TIwiKpZLtI09YlkY6+e0qc6WParY1Ku9SrXo= | |
} | |
port 51820 | |
private-key xxxxxx | |
} | |
} | |
pki { | |
openvpn { | |
shared-secret xxxxxx { | |
key xxxxxx | |
version 1 | |
} | |
shared-secret xxxxxx { | |
key xxxxxx | |
version 1 | |
} | |
shared-secret xxxxxx { | |
key xxxxxx | |
version 1 | |
} | |
} | |
} | |
policy { | |
as-path-list itconsult { | |
rule 10 { | |
action permit | |
regex ^$ | |
} | |
} | |
prefix-list default-route { | |
rule 10 { | |
action permit | |
prefix xxx.xxx.0.0/0 | |
} | |
} | |
prefix-list itconsult-aggregated { | |
rule 10 { | |
action permit | |
prefix xxx.xxx.42.0/24 | |
} | |
} | |
prefix-list rfc1918 { | |
rule 10 { | |
action permit | |
prefix xxx.xxx.0.0/8 | |
} | |
rule 11 { | |
action permit | |
ge 9 | |
prefix xxx.xxx.0.0/8 | |
} | |
rule 20 { | |
action permit | |
prefix xxx.xxx.0.0/12 | |
} | |
rule 21 { | |
action permit | |
ge 13 | |
prefix xxx.xxx.0.0/12 | |
} | |
rule 30 { | |
action permit | |
prefix xxx.xxx.0.0/16 | |
} | |
rule 31 { | |
action permit | |
ge 17 | |
prefix xxx.xxx.0.0/16 | |
} | |
} | |
route outviajt { | |
interface eth0.20 | |
rule 10 { | |
description "Internal Traffic" | |
destination { | |
group { | |
network-group internaladdresses | |
} | |
} | |
set { | |
table main | |
} | |
source { | |
group { | |
network-group outviajt | |
} | |
} | |
} | |
rule 20 { | |
description "Out via JT" | |
set { | |
table 1 | |
} | |
source { | |
group { | |
network-group outviajt | |
} | |
} | |
} | |
rule 30 { | |
description "Normal Traffic" | |
set { | |
table main | |
} | |
} | |
} | |
route-map bgp-local-no-export { | |
rule 10 { | |
action permit | |
set { | |
} | |
} | |
} | |
route-map bgp-no-advertise { | |
rule 10 { | |
action deny | |
} | |
} | |
route-map static-to-ospf { | |
rule 10 { | |
action permit | |
description "Redistribute default route" | |
match { | |
ip { | |
address { | |
prefix-list default-route | |
} | |
} | |
} | |
} | |
rule 20 { | |
action deny | |
description "Do not resistribute anything else" | |
} | |
} | |
} | |
protocols { | |
bgp { | |
address-family { | |
ipv4-unicast { | |
aggregate-address xxx.xxx.42.0/24 { | |
} | |
network xxx.xxx.42.250/32 { | |
route-map bgp-local-no-export | |
} | |
} | |
} | |
neighbor xxx.xxx.42.213 { | |
address-family { | |
ipv4-unicast { | |
} | |
} | |
description qr-r01a | |
peer-group ITCONSULT | |
} | |
neighbor xxx.xxx.42.214 { | |
address-family { | |
ipv4-unicast { | |
} | |
} | |
description vp-r01 | |
peer-group ITCONSULT | |
} | |
neighbor xxx.xxx.42.215 { | |
address-family { | |
ipv4-unicast { | |
} | |
} | |
description ha-r01b | |
peer-group ITCONSULT | |
} | |
neighbor xxx.xxx.42.251 { | |
address-family { | |
ipv4-unicast { | |
} | |
} | |
description qr-r01b | |
peer-group ITCONSULT | |
} | |
parameters { | |
log-neighbor-changes | |
no-fast-external-failover | |
} | |
peer-group ITCONSULT { | |
remote-as XXXXXX | |
update-source xxx.xxx.42.250 | |
} | |
system-as 25040 | |
timers { | |
holdtime 45 | |
keepalive 5 | |
} | |
} | |
+ ospf { | |
+ area 0 { | |
+ area-type { | |
+ normal | |
+ } | |
+ network xxx.xxx.42.160/28 | |
+ network xxx.xxx.42.250/32 | |
+ network xxx.xxx.42.156/30 | |
+ network xxx.xxx.42.200/30 | |
+ network xxx.xxx.42.144/30 | |
+ network xxx.xxx.42.148/30 | |
+ network xxx.xxx.42.240/30 | |
+ network xxx.xxx.136.236/30 | |
+ } | |
+ default-information { | |
+ originate { | |
+ metric 10 | |
+ metric-type 1 | |
+ } | |
+ } | |
+ interface eth0.20 { | |
+ cost 10 | |
+ dead-interval 4 | |
+ hello-interval 1 | |
+ priority 120 | |
+ retransmit-interval 5 | |
+ transmit-delay 1 | |
+ } | |
+ interface vtun1 { | |
+ cost 20 | |
+ dead-interval 4 | |
+ hello-interval 1 | |
+ network point-to-point | |
+ priority 1 | |
+ retransmit-interval 5 | |
+ transmit-delay 1 | |
+ } | |
+ interface vtun2 { | |
+ cost 40 | |
+ dead-interval 4 | |
+ hello-interval 1 | |
+ network point-to-point | |
+ priority 1 | |
+ retransmit-interval 5 | |
+ transmit-delay 1 | |
+ } | |
+ interface vtun5 { | |
+ cost 65 | |
+ dead-interval 4 | |
+ hello-interval 1 | |
+ network point-to-point | |
+ priority 1 | |
+ retransmit-interval 5 | |
+ transmit-delay 1 | |
+ } | |
+ interface wg09 { | |
+ dead-interval 4 | |
+ hello-interval 1 | |
+ network point-to-point | |
+ priority 1 | |
+ retransmit-interval 5 | |
+ transmit-delay 1 | |
+ } | |
+ log-adjacency-changes { | |
+ detail | |
+ } | |
+ redistribute { | |
+ static { | |
+ metric-type 2 | |
+ route-map static-to-ospf | |
+ } | |
+ } | |
+ } | |
static { | |
route xxx.xxx.0.0/0 { | |
blackhole { | |
distance 210 | |
} | |
} | |
route xxx.xxx.63.136/32 { | |
interface pppoe0 { | |
} | |
} | |
route xxx.xxx.69.0/24 { | |
interface pppoe0 { | |
} | |
} | |
route xxx.xxx.70.0/24 { | |
interface pppoe0 { | |
} | |
} | |
route xxx.xxx.42.0/24 { | |
blackhole { | |
distance 210 | |
} | |
} | |
- route xxx.xxx.42.188/32 { | |
- next-hop xxx.xxx.42.171 { | |
- } | |
- } | |
route xxx.xxx.12.56/31 { | |
interface pppoe0 { | |
} | |
} | |
route xxx.xxx.27.93/32 { | |
interface pppoe0 { | |
} | |
} | |
route xxx.xxx.95.29/32 { | |
interface pppoe0 { | |
} | |
} | |
table 1 { | |
route xxx.xxx.0.0/0 { | |
interface pppoe0 { | |
} | |
} | |
} | |
} | |
} | |
qos { | |
policy { | |
} | |
} | |
service { | |
ntp { | |
allow-client xxxxxx | |
address xxx.xxx.0.0/0 | |
address ::/0 | |
} | |
server xxxxx.tld { | |
} | |
server xxxxx.tld { | |
} | |
server xxxxx.tld { | |
} | |
server xxxxx.tld { | |
} | |
} | |
snmp { | |
community [redacted] { | |
authorization ro | |
network xxx.xxx.42.0/24 | |
} | |
} | |
ssh { | |
port 22 | |
} | |
} | |
system { | |
config-management { | |
commit-revisions 20 | |
} | |
conntrack { | |
modules { | |
ftp | |
h323 | |
nfs | |
pptp | |
sip | |
sqlnet | |
tftp | |
} | |
} | |
domain-name xxxxxx | |
host-name xxxxxx | |
login { | |
banner { | |
post-login "" | |
pre-login "" | |
} | |
user xxxxxx { | |
authentication { | |
encrypted-password xxxxxx | |
plaintext-password xxxxxx | |
} | |
} | |
} | |
name-server xxx.xxx.42.9 | |
name-server xxx.xxx.42.130 | |
syslog { | |
global { | |
facility all { | |
level debug | |
} | |
facility local7 { | |
level debug | |
} | |
} | |
host xxx.xxx.42.2 { | |
facility all { | |
level debug | |
} | |
} | |
} | |
time-zone GB | |
} | |
[edit] | |
itconsult@ha-r01a# exit discard | |
exit | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ | |
itconsult@ha-r01a:~$ conf | |
WARNING: There was a config error on boot: saving the configuration now could overwrite data. | |
You may want to check and reload the boot config | |
[edit] | |
itconsult@ha-r01a# load | |
Loading configuration from 'config.boot' | |
Load complete. Use 'commit' to make changes effective. | |
[edit] | |
itconsult@ha-r01a# commit | |
Interface "vtun1" does not exist! | |
[[protocols ospf]] failed | |
Commit failed | |
[edit] | |
itconsult@ha-r01a# | |
[edit] | |
itconsult@ha-r01a# | |
[edit] | |
itconsult@ha-r01a# | |
[edit] | |
itconsult@ha-r01a# | |
[edit] | |
itconsult@ha-r01a# | |
[edit] | |
itconsult@ha-r01a# exit | |
Cannot exit: configuration modified. | |
Use 'exit discard' to discard the changes and exit. | |
[edit] | |
itconsult@ha-r01a# exit discard | |
exit | |
itconsult@ha-r01a:~$ |